Pra*_*vin 9 c# asp.net-core-mvc .net-core asp.net-core-2.0
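In the controller code below, only users in the "Administrator" role can access the GetData() action method, because of the controller-level AuthorizeAttribute. But I also want users who are only in the "Manager" role to be able to access the GetData() action method.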

    [Authorize(Roles = "Administrator")]
    public class AdminController : Controller
    {
        [Authorize(Roles = "Administrator, Manager")]
        public IActionResult GetData()
        {
            return Ok(); // placeholder body
        }
    }

Is there an option similar to the OverrideAuthorization attribute in the .NET Core framework to achieve this requirement?

After a long analysis of the authorization assemblies, I was able to find a solution.
In the startup.cs file, add authorization as follows:

    // Goes in Startup.ConfigureServices. Role.Administrator and Role.Manager are
    // string constants defined elsewhere (not shown here).
    services.AddAuthorization(options =>
    {
        var roles = new List<string> { Role.Administrator, Role.Manager };
        var requirement =
            new List<IAuthorizationRequirement> { new AdminManagerAuthorizationOverrideOthers(roles) };
        var sharedAuthentication =
            new AuthorizationPolicy(requirement,
                new List<string>());
        options.AddPolicy(name: "AdminManager", policy: sharedAuthentication);
        options.AddPolicy(name: "Administrator", configurePolicy: policy => policy.RequireAssertion(e =>
        {
            // In ASP.NET Core 2.x MVC the resource is the AuthorizationFilterContext.
            if (e.Resource is AuthorizationFilterContext afc)
            {
                // True when some filter carries only the AdminManager requirement; that
                // filter then performs the role check, so this policy steps aside.
                var noPolicy = afc.Filters.OfType<AuthorizeFilter>().Any(p =>
                    p.Policy != null &&
                    p.Policy.Requirements.Count == 1 &&
                    p.Policy.Requirements.Single() is AdminManagerAuthorizationOverrideOthers);
                if (noPolicy)
                    return true;
            }
            return e.User.IsInRole(Role.Administrator);
        }));
    });

Create a class, in any namespace, that inherits "RolesAuthorizationRequirement" from the "Microsoft.AspNetCore.Authorization.Infrastructure" namespace, as follows:
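
    using System.Collections.Generic;
    using Microsoft.AspNetCore.Authorization.Infrastructure;

    // Marker requirement: behaves like a plain roles requirement, but its type lets the
    // "Administrator" policy recognise an AdminManager-only filter.
    public class AdminManagerAuthorizationOverrideOthers : RolesAuthorizationRequirement
    {
        public AdminManagerAuthorizationOverrideOthers(IEnumerable<string> allowedRoles) : base(allowedRoles)
        {
        }
    }
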
Then decorate the controller and action methods as follows:
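
    // The "Administrator" policy applies to every action in the controller.
    [Authorize(Policy = "Administrator")]
    public class AdminController : Controller
    {
        public IActionResult GetData()
        {
            return Ok(); // placeholder body
        }

        // The "Administrator" assertion returns true for this action because its filter
        // carries only the AdminManager requirement, so Administrators and Managers pass.
        [Authorize(Policy = "AdminManager")]
        public IActionResult AdministratorOnly()
        {
            return Ok(); // placeholder body
        }
    }
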
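
Ideally, you want to narrow down the restriction on the action method, because during the controller initialization step it checks the controller's authorization filter first and then the action filters.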
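
    // Broad role set on the controller; individual actions narrow it further.
    [Authorize(Roles = "Administrator, Manager")]
    public class AdminController : Controller
    {
        public IActionResult GetData()
        {
            return Ok(); // placeholder body
        }

        [Authorize(Roles = "Administrator")]
        public IActionResult AdministratorOnly()
        {
            return Ok(); // placeholder body
        }
    }
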
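
The stacking behaviour both answers work around, as an added example (not code from either poster): it evaluates the question's layout and the second answer's layout through IAuthorizationService for a principal in each role. The class and helper names and the constructed principals are assumptions of this example, and AuthorizationPolicy.Combine is used here to model a controller-level [Authorize] stacked with an action-level one.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;

public static class StackedAuthorizeDemo
{
    // Constructed test principal holding exactly one role claim.
    static ClaimsPrincipal UserInRole(string role) =>
        new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.Role, role) }, "ConstructedAuth"));

    // Same requirement that [Authorize(Roles = "...")] produces.
    static AuthorizationPolicy Roles(params string[] roles) =>
        new AuthorizationPolicyBuilder().RequireRole(roles).Build();

    public static async Task Main()
    {
        var services = new ServiceCollection();
        services.AddOptions();
        services.AddLogging();
        services.AddAuthorization();
        var authz = services.BuildServiceProvider()
                            .GetRequiredService<IAuthorizationService>();

        // Combine() keeps every requirement of every policy, so all must succeed.
        var layouts = new (string Name, AuthorizationPolicy Policy)[]
        {
            ("question: GetData",
                AuthorizationPolicy.Combine(Roles("Administrator"), Roles("Administrator", "Manager"))),
            ("answer 2: GetData",
                Roles("Administrator", "Manager")),
            ("answer 2: AdministratorOnly",
                AuthorizationPolicy.Combine(Roles("Administrator", "Manager"), Roles("Administrator"))),
        };

        foreach (var role in new[] { "Administrator", "Manager" })
        foreach (var (name, policy) in layouts)
        {
            var result = await authz.AuthorizeAsync(UserInRole(role), policy);
            Console.WriteLine(
                $"{role,-13} | {name,-27} | {(result.Succeeded ? "allowed" : "denied")}");
        }
    }
}
```

Running it needs the Microsoft.AspNetCore.Authorization and Microsoft.Extensions.Logging packages, or a project that references the ASP.NET Core shared framework.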